MVC "Access is Denied" using IIS

12
votes

Having serious trouble getting beyond "Access is Denied" message:

Error message 401.2: Unauthorized: Logon failed due to server configuration. Verify that you have permission to view this directory or page based on the credentials you supplied and the authentication methods enabled on the Web server. Contact the Web server's administrator for additional assistance.

How I got here

Running under Windows 7, Professional. System using AD for login to system (name: SYSTEM\login). Created a new MVC 3 application in VS2010 called XYZ. Made no changes to code. Set referenced files for System.Web.mvc and System.Web.Helpers to Copy to Local = true.

What I attempted

  1. Published XYZ to file system location "C:/websites/XYZ".
  2. Added "abc.xyz.com" to hosts file with IPA 127.0.0.1.
  3. Created new Site in IIS Manager called "XYZ" and set the physical path to the path where the app is published (C:/websites/XYZ).
  4. Bound XYZ to abc.xyz.com:80.
  5. Ensured Application Pool for site runs .NET 4.0, Integrated.
  6. Application Pool Identity set to ApplicationPoolIdentity.
  7. At physical location of published files, right-clicked folder and went to Properties->Security and added IUSR to list of users, giving it Full Control.
  8. MVC project has authentication mode set to "None".
  9. Authentication for site has Anonymous Access enabled and all else disabled.
  10. I have also enabled Directory Browsing for the site.

After all this, I reset the web site, refresh the browser, and reset IIS. I still get this message when I go to abc.xyz.com. I have absolutely no idea what I should check next.

What I need

Can anyone help me with this? I have performed several Google searches with combinations of "mvc localhost access denied" and so forth, and I implemented the suggestions I found.

5
asp.net-mvcwindowsmodel-view-controlleriis-7authorization
Forgot to mention that executing the app via F5 works just fine.James Jensen

5 Answers

10
votes

Fixed

Ok. Found the answer...at least to this application. I changed the Authentication from Windows to Anonymous. Then, I removed the .NET Authorization rule which denied Anonymous access. These two things enabled access to the application without the annoying IIS login popup that accompanies Windows authorization.

One thing that I failed to notice before was that the changes I made to the web site were reflected in the web.config file at the published location, and not the source.

Unfortunately, every time I published I reset the authentication. This was probably the real reason that I had so much trouble. Lesson learned. Chagrined, I am.

One other thing that I failed to clear up was that I am using IIS 7.5.

1
votes

Add this in web.config file.

<system.webServer>
    <modules runAllManagedModulesForAllRequests="true" />
    <!-- rest of config -->
</system.webServer>

Hope this will help. :)

1
votes

If you want to avoid things like wrong file copied:

  • Use publish profiles and Transformation in this case:

My dev box:

<authentication mode="None" xdt:Transform="Replace"/>
  <authorization xdt:Transform="Replace">
  </authorization>

Production:

<authentication mode="Windows" xdt:Transform="Replace"/>
<authorization xdt:Transform="Replace">
  <deny users="?" />
0
votes

When creating your MVC application, one option is to create an "Intranet" application. This will turn on "Windows" authentication by default inside Web.config.

When publishing such a project to IIS, you need to enable Windows authentication for your application in the IIS Management Console. You may also have to disable Anonymous authentication.

0
votes

i get the error because this lines by web.config

https://www.asp.net/visual-studio/overview/2013/using-browser-link

<appsettings>
    <add key="vs:EnableBrowserLink" value="false"></add>
</appsettings>
<system.web>
  <compilation debug="false" targetFramework="4.5" />
</system.web>